I hereby agree to the processing of personal data by PKO Bank Polski S.A. for the purpose of marketing products and services of cooperating entities*

*A cooperating entity is an entity that belongs to PKO Bank Polski S.A. Capital Group with composition listed on www.pkobp.pl/grupa and an entity which concluded an agreement with PKO Bank Polski S.A. related to the banking services provided by PKO Bank Polski S.A. listed on www.pkobp.pl/podmioty

You can withdraw any or all consents at any moment. Such withdrawal shall be without prejudice to the lawfulness of processing conducted on the basis of your consent prior to the withdrawal.

Checking no consent shall not be tantamount to an objection to the processing of your personal data for marketing purposes. Thus, PKO Bank Polski S.A. (“Bank”) will be able to send marketing information about its products and services by mail.

You may file an objection to the processing of your personal data for marketing purposes at any moment, e.g. by mail to the Bank’s address, by submitting a relevant statement at the Bank’s branches, via the electronic banking service or by calling PKO Bank Polski S.A. helpline.

After the objection to the processing of your personal data for marketing purposes has been filed, the Bank will not process your personal data for marketing purposes and it will not send offerings or marketing information (including those of its cooperating entities) in any form.

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “Regulation”, we wish to inform you that:

1. Data Controller

The controller of your personal data is Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna with its registered office in Warsaw, address: ul. Puławska 15, 02-515 Warszawa, registered by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number 0000026438, NIP (tax identification number): 525-000-77-38, REGON (business statistical number): 016298263, its (paid-up) share capital amounting to PLN 1,250,000,000, helpline: 800 302 302, hereinafter referred to as the “Bank”.

2. Data Protection Officer

The Bank has appointed a Data Protection Officer. Address: Inspektor Ochrony Danych (Data Protection Officer), ul. Puławska 15, 02-515 Warszawa, e-mail address: iod@pkobp.pl. Details concerning the Data Protection Officer are available under the “GDPR” tab on the Bank’s website, and can be obtained at the Bank’s branches or from its agents.

Personal data may be processed by the Bank for the following purposes:

1) presentation of offers or processing of a request for a product offered by the Bank or a service provided by the Bank, including for and on behalf of companies from the Bank’s Corporate Group and entities cooperating with the Bank, on the basis of Article 6(1)(b) or (f) of the Regulation,
2) conclusion of an agreement on the basis of Article 6(1)(b) of the Regulation,
3) implementation of an existing agreement or provision of services by the Bank, on the basis of Article 6(1)(b)-(c) of the Regulation,
4) creditworthiness assessment and credit risk analysis, on the basis of Article 6(1)(b)-(c) of the Regulation,
5) management of risk by the Bank, including assessment of the creditworthiness and credit standing, on the basis of Article 6(1)(b)-(c) of the Regulation,
6) handling of complaints, requests and appeals, on the basis of Article 6(1)(b)-(c) and (f) of the Regulation,
7) execution by the Bank of actions resulting from generally applicable laws, including tasks undertaken in the public interest, on the basis of Article 6(1)(c) and (e) of the Regulation,
8) exercise of representation powers (for example, under a power of attorney) or rights arising from a surety, on the basis of Article 6(1)(b)-(c) of the Regulation,
9) marketing, including promotion of products offered by the Bank or services provided by the Bank or companies from the Bank’s Corporate Group or entities cooperating with the Bank, on the basis of Article 6(1)(f) of the Regulation,
10) establishing and exercising claims by the Bank in connection with its activity, including restructuring, debt collection, debt enforcement, taking actions to find buyers for assets securing an agreement and sale of receivables arising from such an agreement, or defence against claims made against the Bank, before law enforcement bodies, judicial bodies, including common courts, administrative courts, the Supreme Court, in the course of administrative proceedings, including tax proceedings, on the basis of Article 6(1)(f) of the Regulation,
11) detection and mitigation of fraud related to the Bank’s activity, and ensuring the safekeeping of the Bank’s customers’ money, as well as conducting enquiries, on the basis of Article 6(1)(f) of the Regulation.

The details of the entities of the Bank’s Corporate Group and entities cooperating with the Bank are available under the “GDPR” tab on the Bank’s website, and can be obtained at the Bank’s branches or from its agents.

5. Sharing personal data

The Bank can share your personal data with:

1) entities and bodies to which the Bank is required or authorised to disclose personal data on the basis of generally applicable laws, including entities and bodies authorised to receive personal data from the Bank or authorised to request access to personal data on the basis of generally applicable laws, in particular on the basis of Article 104(2) and Article 105(1) and (2) of the Banking Law,
2) entities to which the Bank entrusts banking operations or activities associated with banking operations conducted for the Bank,
3) the institutions referred to in Article 105(4) of the Banking Law,
4) bodies and entities authorised to receive personal data on the basis of Article 149 or 150 of the Act on trading in financial instruments or other laws governing trade in financial instruments (in respect of trust services provided by the Bank under Article 119 of the Act on trading in financial instruments, or services performed by the Bank under Article 70(2) of the Act on trading in financial instruments),
5) Economic Information Bureaus operating under the Act on the sharing of economic information and exchange of economic data, pursuant to the provisions of this Act,
6) entities from the Bank’s Corporate Group and entities cooperating with the Bank in connection with products and services offered by these entities. The list of the above entities is available under the “GDPR” tab on the Bank’s website, and can be obtained at the Bank’s branches or from its agents.

6. Transferring personal data to third countries

Your data may be transferred to the US government administration in connection with international money transfers via the SWIFT network.

7. Data retention period

Your personal data will be retained:

1) for the duration of the offer or processing of your request for a product offered by the Bank or a service provided by the Bank, including for and on behalf of companies from the Bank’s Corporate Group and entities cooperating with the Bank,
2) for the term of your agreement with the Bank, and thereafter in connection with the Bank’s legal obligations stemming from generally applicable laws,
3) for a period necessary for the Bank to exercise its claims in connection with its operations, or defend against claims filed against the Bank, on the basis of generally applicable laws, subject to the claim limitation periods provided for by generally applicable laws,
4) for the duration of the application of the internal approaches and other approaches and models referred to in Part Three of Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012,
5) as long as the power of attorney granted to you remains in effect, and after it expires, in connection with the Bank’s legal obligation stemming from generally applicable laws.

Information on data retention periods is available under the “GDPR” tab of the Bank’s website, and can be obtained at the Bank’s branches or from its agents.

8. Available rights

In relation to the processing of your personal data by the Bank, you have:

1) a right to access your personal data,
2) a right to have your personal data rectified,
3) a right to have your personal data erased (right to be forgotten),
4) a right to have the processing of your personal data restricted,
5) a right to have your personal data transferred to another personal data controller,
6) a right to object to the processing of your personal data, including for the needs of profiling and direct marketing,
7) a right to withdraw your consent, when the Bank processes your personal data on the basis of your consent, at any time and by any means, without prejudice to the lawfulness of processing conducted on the basis of your consent prior to the withdrawal,
8) a right to file a complaint with the President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych) if you consider that the processing of your personal data is in breach of the Regulation.

9. Source of data - this information applies to personal data acquired otherwise than from the data subject

Your personal data may be obtained from your legal representative, a principal subject to a power of attorney, a company for which you are the beneficial owner, your employer, a party to an agreement concluded with the Bank, as well as from publicly available sources, in particular from the following databases and registers: the Universal Electronic System for Registration of the Population (PESEL), the Identity Document Register (Rejestr Dowodów Osobistych), the National Court Register (KRS), the Central Business Registration and Information Records (CEIDG), and the National Business Register (REGON).

10. Requirement to provide data

We need your personal data for the purpose set out in point 4 above for:

1) us to process your request for a product offered by the Bank or a service provided by the Bank, including for and on behalf of the Bank’s Corporate Group and entities cooperating with the Bank, whereby your not providing us with your personal data will make us unable to handle your request for the product offered by the Bank or the service provided by the Bank, including for and on behalf of companies from the Bank’s Corporate Group and entities cooperating with the Bank,
2) us to conclude and perform an agreement between you and the Bank, whereby your not providing us with your personal data will result in us being unable to conclude and perform such an agreement,
3) the Bank to be able to provide its services, whereby your not providing us with your personal data will result in the Bank being unable to provide the services,
4) us to consider your complaint or grievance, whereby your not providing us with your personal data will result in us being unable to consider your complaint or grievance,
5) you to receive offers or marketing materials for products offered by the Bank or services provided by the Bank, including for and on behalf of companies from the Bank’s Corporate Group and entities cooperating with the Bank, whereby your not providing us with your personal data will make you unable to receive such offers or marketing materials for products or services.

11. Automated decision-making, including profiling

Your personal data will be processed by automated means, including profiling, for the purpose of evaluating your creditworthiness and for marketing purposes, which will enable us to simplify your customer service and provide you with an individualised offer of products offered by the Bank or services provided by the Bank, including for and on behalf of the Bank’s Corporate Group and entities cooperating with the Bank.

Information on automated decision-making, including profiling, is available under the “GDPR” tab of the Bank’s website, and can be obtained at the Bank’s branches or from its agents.
